Bug 833114 - Repositories Delete Selected Repository button leads to exception page when no permission is given
Repositories Delete Selected Repository button leads to exception page when n...
Product: JBoss Operations Network
Classification: JBoss
Component: Content (Show other bugs)
JON 3.1.1
All All
medium Severity high
: ER01
: JON 3.2.0
Assigned To: Jay Shaughnessy
Mike Foley
Depends On: 831152
  Show dependency treegraph
Reported: 2012-06-18 11:42 EDT by Charles Crouch
Modified: 2015-02-01 18:28 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 831152
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
repo-delete.png (104.29 KB, image/png)
2013-10-16 09:59 EDT, Armine Hovsepyan
no flags Details

  None (edit)
Description Charles Crouch 2012-06-18 11:42:15 EDT
+++ This bug was initially created as a clone of Bug #831152 +++

Created attachment 591161 [details]
delete repo

Description of problem:
For user with unchecked "Manage Repositories" permission- Delete repository shows red error (with some source data) on the top of the page

Version-Release number of selected component (if applicable):
JON - Version: 3.1.0.ER6

How reproducible:

Steps to Reproduce:
1.Log in with rhqadmin super user
2.Create role "testRole" with  Manage Repositories unchecked
3.Create "testUser" user with this role
4.Log in with "testUser"
5.Click Administration navigation tab
6.Click  Repositories sub navigation on the left hand side
7. Click on "Create New" and by filling name and description create new repo
8. Select created repository 
9. Click Delete Selected button
Actual results:
Red error with some source data [like "invocation: method=public void org.rhq.enterprise.server.content.ContentSourceManagerBean.purgeOrphanedPackageVersions(org.rhq.core.domain.auth.Subject),context-data={}" ] is visible on the top of the page

Expected results:
After step97. "?????" Either Delete button is not visible, or just no error is shown, or the error doesn't contain "source" data  ???????

Additional info:
please get attached screenshot

--- Additional comment from jshaughn@redhat.com on 2012-06-15 16:53:53 EDT ---

This is odd.  We let a user without MANAGE_REPOSITORIES create a repo.  I think the delete operation generating a permission exception is actually correct.  I'm not sure why we allow create to work, it seems that should fail as well although maybe I don't know all the semantics.

Perhaps the Administration->Repositories should be disabled for a user without MANAGE_REPOSITORIES permission.  But that is GUI issue, the create is potentially an SLSB level issue.

--- Additional comment from jshaughn@redhat.com on 2012-06-18 10:09:14 EDT ---

OK, looking at the code, the create seems OK.  We allow a user to create a private repository.  And, lacking MANAGE_REPOSITORIES, we ensure that it is set private even if the global option is requested.

So, the problem here is that the user can not then delete his own repo.  That is a real problem.  I'm taking this...

--- Additional comment from jshaughn@redhat.com on 2012-06-18 11:38:12 EDT ---

master commit 5a8b4196beed872022861c0d4110a652c0f5c013
A private repo should be able to be deleted by its owner, even if the owner
does not have MANAGE_REPOSITORIES permission.
Comment 1 Charles Crouch 2012-06-18 11:42:28 EDT
Per triage, target 3.2
Comment 2 Jay Shaughnessy 2012-06-18 12:05:33 EDT
This is fixed upstream.
Comment 3 Heiko W. Rupp 2013-08-12 04:25:57 EDT
This was done upstream and will thus be in er1
Comment 4 Armine Hovsepyan 2013-10-16 09:58:55 EDT
double-checked on jon 3.2 er3
Comment 5 Armine Hovsepyan 2013-10-16 09:59:20 EDT
Created attachment 812939 [details]

Note You need to log in before you can comment on or make changes to this bug.